[21028] in bugtraq
Re: OpenBSD 2.9,2.8 local root compromise
daemon@ATHENA.MIT.EDU (Andreas Haugsnes)
Fri Jun 15 11:24:51 2001
Date: Fri, 15 Jun 2001 09:18:15 +0200
From: Andreas Haugsnes <andreas@haugsnes.no>
To: Bugtraq <BUGTRAQ@securityfocus.com>
Message-ID: <20010615091815.A48802@consistent.unicore.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3B28C6D6.BB215609@guninski.com>; from guninski@guninski.com on Thu, Jun 14, 2001 at 05:14:46PM +0300
I must say that I gasped and had to wipe sweat from my
forehead when I read, tested and could confirm this
exploit.
The OpenBSD-team has known about this for -6- days (15th of June),
and they haven't been able to come up with atleast a temporary fix?
I can't find anything on errdata / security warnings,
what's up with that?
Andreas Haugsnes
On Thu, Jun 14, 2001 at 05:14:46PM +0300, Georgi Guninski wrote:
> Georgi Guninski security advisory #47, 2001
>
> OpenBSD 2.9,2.8 local root compromise
>
> Systems affected:
> OpenBSD 2.9,2.8
> Have not tested on other OSes but they may be vulnerable
> Vendor status:
> OpenBSD was informed on 9 June 2001.
